<?php	
	$db = new MySQL();   
	$table = "about_item";
	$id = $_GET['id'];	
	$mod = $_GET['mod'];
	$curpg = 1;
	if(isset($_POST["curpg"])) $curpg = $_POST["curpg"];	
	  
	$title = (isset($_POST["title"]))?$_POST["title"]:"";
		$title = str_replace("'", "\\'", $title);
		$title = str_replace("\\\'", "\\'", $title);	
	  
	$title_vn = (isset($_POST["title_vn"]))?$_POST["title_vn"]:"";
		$title_vn = str_replace("'", "\\'", $title_vn);
		$title_vn = str_replace("\\\'", "\\'", $title_vn);	
	
	$titleurl = myurl($title);	
	
	$content = (isset($_POST["content"]))?$_POST["content"]:"";
		$content = str_replace("'", "\\'", $content);
		$content = str_replace("\\\'", "\\'", $content);
	
	$content_vn = (isset($_POST["content_vn"]))?$_POST["content_vn"]:"";
		$content_vn = str_replace("'", "\\'", $content_vn);
		$content_vn = str_replace("\\\'", "\\'", $content_vn);
	
	
	$meta_key = (isset($_POST["meta_key"]))?$_POST["meta_key"]:"";	
		$meta_key = str_replace("'", "\\'", $meta_key);
		$meta_key = str_replace("\\\'", "\\'", $meta_key);
	$meta_des = (isset($_POST["meta_des"]))?$_POST["meta_des"]:"";	
		$meta_des = str_replace("'", "\\'", $meta_des);
		$meta_des = str_replace("\\\'", "\\'", $meta_des);		
					     		
	if ($_POST["form_"]=="edit")
	{	
		if(isset($_GET['id']))
		{
			$query_image = "select * from $table where id='$id'";
			$sql_image = $db->select($query_image);
			$tt_image = $db->fetch($sql_image);			
			$image  = $tt_image['image'];			
			$image1  = $tt_image['image1'];				
		}
		
		//image
		if ($_FILES['image']['name'] != "")	
		{				
						
			$parts1=pathinfo($_FILES['image']['name']);
			$ext1=".".strtolower($parts1["extension"]);																			

			
			if (file_exists("../about-img/".$_FILES["image"]["name"]))
			{
				$attach_file = date("sihdmy").$ext1;
			}
			else 
			{											  
				$attach_file = str_replace(" ","_",$_FILES["image"]["name"]);
			}
			
			if(move_uploaded_file($_FILES["image"]["tmp_name"], "../about-img/".$attach_file))
			{	
				$filemod = "../about-img/".$attach_file;
				
				chmod($filemod,0777);
				
				resize_jpg($filemod,$filemod,307,205);
				
				
				if($image !="" && file_exists("../about-img/".$image))   
				{
					unlink("../about-img/".$image); 
					
				}	
				$image = $attach_file;
			}					
		}
		
				
		if(isset($_GET['id']))
		{			
			$query="update $table set  title = '$title', title_vn = '$title_vn', titleurl = '$titleurl', image = '$image', content = '$content', content_vn = '$content_vn', titlepage = '$titlepage', meta_key = '$meta_key',  meta_des = '$meta_des' ";
			$query.=" where id='$id'";			
			$sql = $db->update($query);								
			$db->close();							
			echo "<script>location='?mod=".$mod."&act=list'</script>";	
		
		}
		else{			
			// du lieu			
			//echo $image; die();
			$query="insert into $table (title, title_vn, titleurl, image, content, content_vn, titlepage, meta_key, meta_des ) ";
			$query.=" values ('$title', '$title_vn', '$titleurl', '$image', '$content', '$content_vn', '$titlepage', '$meta_key', '$meta_des' )";
						
			$id = $db->insert($query);	
								
			$db->close();							
			echo "<script>location='?mod=".$mod."&act=list'</script>";	}			
	}
	
	//delete 	
	if ( $_POST['form_']=="delete")
	{
		$listid=$_POST["listid"];
		$key_str =  substr($listid,0,strlen($listid)-1);
		$key = explode(',', $key_str);
		
		$strwhere="where id in ('".str_replace(",","','",$key_str)."')";	
		
		$query="select * from $table $strwhere";
		$sql = $db->select($query);
		while($tt = $db->fetch($sql))
		{
			$image = $tt['image'];
			if($image !="" && file_exists("../about-img/".$image))	unlink("../about-img/".$image); 
		}	
					
		$query="delete from $table $strwhere";
		$sql = $db->delete($query);				
	
		$db->close();
		echo "<script>location='?mod=".$mod."&act=list&curpg=".$curpg."'</script>";	
	}
	
?>
